I believe you've misunderstood what I am asking. Surely with the way you describe it, I've asked a stupid question, but that's not the case. Please give me a chance to clarify:
Invalid senders, ie: doesnotex...@ourcharity.org will always be blocked, not scored (to do otherwise is crazy as you said). The IP appears to get a score though, and that's based on flValencePB if I am interpreting the code and GUI correctly. Scoring the IP is good thing. No change requested there. DoNoSpoofing allows us to score the message if a message for a local and valid (not invalid, but valid) address is used as the mail-from. I don't have the luxury of setting DoNoSpoofing to block as external systems sometimes send LEGITIMATE email to us using our >>valid<< addresses (aka, "spoofed"). An example of this is someone here sending someone else a newspaper article link by clicking on a "send this article to a friend" type of link on the newspaper website. Mail-from is pers...@ourcharity.org rcpt-to is pers...@ourcharity.org. It's a legit mail, both valid email addresses, but the mail-from is spoofed as its sent unauthenicated from a 3rd party. I don't like that this is a thing, but it's a legit mail, and must get through. I can't add exceptions for the infinite number of sites and services that allow for this... flValancePB just says "Invalid Local Sender," but in looking at the code, it appears that that same valance is used if DoNoSpoofing is set to score (which I need to do). A spoofed valid address is not an invalid address, it's just spoofed. Admins would have no way of knowing that flValancePB is used for spoofed too without looking at the code. I give IP's a score of 20 if they try to send using an invalid address. This is helpful and I wouldn't want that to change. Send my server tons of emails to joe@ sam@ info@ etc, you'll get blocked. However, I can't assign a score of 20 to every message/ip that's sending spoofed mail to legit addresses, that score will add up too quickly and potentially combine with other scores enough to erroneously block legit messages. I only want to score a message that is spoofed with 5, maybe 10 so it's more likely to get through. THAT is why I asked if this is a feature worth considering. I'm not asking for something super specialized for me, I think it would benefit all to have the additional flexibility that I'm suggesting. And if you don't want to do this, that's fine I can just leae DoNoSpoofing disabled, but at least indicate in the GUI that the valance is reused for spoofs too so people who use scoring know what score is added. And to address your concern about thinking before I post- I always consider your time before posting. I disagree wholeheartedly that TIME=MONEY. Money can be replaced and earned, time is irreplaceable. I've asked a tremendous number of questions over the last couple of months, and most have resulted in you either fixing code bugs or adding incredibly valuable features for all to use. In this case, for you to thinking that I'm haphazardly posting is just silly. I reviewed code to discover what's going on and then asked my question. I've re-read the original and it is still clear to me. Maybe you just misread it, were temporarily confused by some of the un-clear variable names. Maybe i wasn't descriptive enough. Or maybe I'm just plain wrong - but it wasn't posted without care and though. I'm insulted that you think that of me. You're immensely appreciated, I just wish you wouldn't be so annoyed by what I post. If you look at previous threads, there's a lot of me apologizing when you say you won't do something that I've asked about - but very often, in the end you see what I'm saying and fix the problem or add the feature. It takes time to hash this stuff out. That's what this discussion forum is for, and it's working. I understand that I'm not generally the most concise person, but in explaining bugs/problems/feature requests, I'd be doing a disservice if I were any less detailed than necessary. Please try to be more patient with me, or at least understand that I'm not trying to be difficult - I'm doing the best I can to improve ASSP and be helpful to the community as a whole. Are there selfish motives too? Of course, but overall I'm not asking for extraordinary things. I firmly believe that I have added significantly to this program through my suggestions and bug reports. I've said it a million times before, but it never can be said enough, thank YOU for listening and acting. Ken ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
